CVE-2023-39296

🗓️ 05 Jan 2024 16:19:20Reported by qnapType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 52 Views

Prototype pollution vulnerability in QNAP OS allows attribute override, leading to a network crash

Reporter	Title	Published	Views	Family All 15
Circl	CVE-2023-39296	5 Jan 202418:31	–	circl
CNNVD	QNAP Systems QTS and QuTS hero security vulnerabilities	5 Jan 202400:00	–	cnnvd
Cvelist	CVE-2023-39296 QTS, QuTS hero	5 Jan 202416:19	–	cvelist
EUVD	EUVD-2023-43028	3 Oct 202520:07	–	euvd
NVD	CVE-2023-39296	5 Jan 202417:15	–	nvd
OpenVAS	QNAP QTS Multiple Vulnerabilities (QSA-23-22, QSA-23-54, QSA-23-64)	9 Jan 202400:00	–	openvas
OpenVAS	QNAP QuTS hero Multiple Vulnerabilities (QSA-23-22, QSA-23-54, QSA-23-64)	9 Jan 202400:00	–	openvas
Prion	Code injection	5 Jan 202417:15	–	prion
Positive Technologies	PT-2023-8165 · Qnap · Qnap Qts +1	7 Dec 202300:00	–	ptsecurity
Tenable Nessus	QNAP QTS / QuTS hero Vulnerability in QTS and QuTS hero (QSA-23-64)	8 Jan 202400:00	–	nessus

NVD

Node

qnap qtsMatch5.1.0.2348build_20230325

qnap qtsMatch5.1.0.2399build_20230515

qnap qtsMatch5.1.0.2418build_20230603

qnap qtsMatch5.1.0.2444build_20230629

qnap qtsMatch5.1.0.2466build_20230721

qnap qtsMatch5.1.1.2491build_20230815

qnap qtsMatch5.1.2.2533build_20230926

Node

qnap quts_heroMatchh5.1.0.2409build_20230525

qnap quts_heroMatchh5.1.0.2424build_20230609

qnap quts_heroMatchh5.1.0.2453build_20230708

qnap quts_heroMatchh5.1.0.2466build_20230721

qnap quts_heroMatchh5.1.1.2488build_20230812

qnap quts_heroMatchh5.1.2.2534build_20230927

[
  {
    "defaultStatus": "unaffected",
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.1.3.2578 build 20231110",
        "status": "affected",
        "version": "5.1.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h5.1.3.2578 build 20231110",
        "status": "affected",
        "version": "h5.1.x",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
qnap	www.qnap.com/en/security-advisory/qsa-23-64

21 Nov 2024 08:15Current

8.4High risk

Vulners AI Score8.4

CVSS 3.17.5

EPSS0.00417

SSVC

CWE-1321